package com.rzj.book.filter;

import org.apache.shiro.subject.Subject;
import org.apache.shiro.web.filter.authz.AuthorizationFilter;

import javax.servlet.ServletRequest;
import javax.servlet.ServletResponse;

//自定义过滤器
public class Erpfilter extends AuthorizationFilter{

	@Override
	protected boolean isAccessAllowed(ServletRequest request, ServletResponse response, Object mappedValue)
			throws Exception {
		//获取主题
		Subject subject = getSubject(request, response);
		///orders.html=perms["采购订单的查询","采购订单的审核","采购订单的确认","采购订单的入库"]
		//mappedValue="采购订单的查询","采购订单的审核","采购订单的确认","采购订单的入库"
        String[] perms = (String[]) mappedValue;

        boolean isPermitted = true;
        if(null == perms || perms.length == 0){
        	return isPermitted;
        }
        if (perms != null && perms.length > 0) {
        	for(String perm : perms){
        		
        		//只要有一个权限，就返回true
        		if(subject.isPermitted(perm)){
        			return true;
        		}
        	}
        }
        return false;
	}

}
